Top 10 Web Threats for QA (29 Nov)

By popular demand, CyResLab has developed a version of the "Top 10 Web Threats" course for QA specialists.

The course shifts focus from secure coding and programming countermeasures to security defect detection and analysis (a.k.a. triage), as well as the tools that are needed to master this process.

This 1-day hands-on course is designed to introduce QA specialists to the working mechanisms of the top web threats, as well as how they are identified and triaged in practice. The course includes attack demonstrations, vulnerability exercises, examples of detection tools and tactics, as well as best practices for security-specific defects. The course is mostly technical and not organizational.

The course includes free access to an interactive online exercise environment for one week, following the course’s completion.

The goal of this course is to enable participants to:

Be aware of the top threats in Web development;

Know the tactics used to identify these threats.

Course agenda:

Network and crypto basics

Injection

Broken Authentication

Sensitive Data Exposure

XXE

Broken Access Control

Security Misconfiguration

XSS

Insecure Deserialization

Using Components with Known Vulnerabilities

Insufficient Logging & Monitoring

DoS

Development process tips, Q & A

Ideal for: Junior and Senior QA specialists

Prerequisites: Good knowledge of Web technologies

Please be advised that participants should bring a laptop/notebook with a modern web browser (JS and AJAX support) for the training.

Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.